Select a PlantPAx System Process Safety Systems A process automation solution often includes the requirement for Select from the following technologies an integrated safety systern as part of the overall Safety + ControlLogix Si 2 Systems instrumented System (SIS) requirements fora process facility. The. Avance and Trusted SIL2 SIL3, and TMR systems SiS logic solvers a separate but integrated technology thatcan |S vee) natuments, Use common or diverse technology to meet the safety integrity needs for any process application + Ooiisis Safety Integrated Systems ‘The SIS logic solver requirements can include fault tolerance, fail safe, or a mix of architecture and Safety Integrity Level (SIL) requirements, Fault tolerance means ta maintain plant operation in the event ofa fault, while fail-safe means to initiate a shutciown in the event of a faut. ‘able 88 provides guidance of which SIS logic solver is typically used based on application. Ths is not an absolute selection ‘guide. We recommend that you work with subject matter experts from Rockwell Automation to make the right choice Table 56 Typical SIL and Architecture System Requirements oes Safety Platform Safety pation ‘editeaue | Tpalsiange | Demand erase hoes foatwon [pests ‘owtigh nse Feng sia ow ihe pee sen 3 sone ene peeing yest vig 4 reg ‘onign oss Safe Pao Safety Apatin ‘diteaue | WpalsiRange | Demand Sunerrungenettanaspocs) | fatukae | UpeSLY Tih a Fave ean oes Sete Pao Safety Aplaion Anditecre | TpalstRange | Demand amerniignemipone dine) | ise sa eg ‘ube aciney omstas Ulex ow 1 ‘eg fea aL. awe cqsmen Spey ena Contig Accume Thigh lainy camel ses 1 Moana aa, lee panto as nee 1 Caran scant: aéezrdrarraw ecco eantspry Ws shh ran bea i demand phar, Rockwell Automation Publication PROCES SGOOI-EN-P Api 2016 6Selecta PlantPAx System Safe, relable systems safeguard people, property, the environment, and company or corporate reputations. Third-party Certification for applying technologies in applications up to a specific SIL level significantly reduces complexity when complying with national and international process safety standards worldwide, Process safety technology selection is based on functional and target SIL requirements, defined in the projects Safety Requirements Specification (SRS). For example, if the SS requirement is or the Safety instrumented Function to always fal safely upon a fault, you can selec a failsafe only technology. I however, some level of fault tolerance is defined for your process safety system, you can select a fault tolerant technology. “There are different levels of faut tolerance avalable, For example: + 1002d refers to a voting and degradation architecture where diagnostics is used to determine the validity of two values or states. When both values are ‘healthy; then either one out of the two (1602) available is used in the outcome of the Safety instrumented Function (SIF. When one of the two values or states is determined to be ‘invalid that value or state isno longer considered when determining the outcome of the SIF (the vating degrades to Toal, one out ofthe remaining good one). This dramatically reduces the nuisance trip rate of a basic 1002 architecture, while maintaining safety performance. + 2003 refers toa voting and degradation architecture where comparison diagnostics ae used to determine the outcome Of the SIF Two ‘out of’ the three (2003) available values or states ate requited to determine the outcome of a SIF This architecture, often referred to as Triple Modular Redundancy (TMR), ets a failed value or state to be ignored when, resolving the SIE TiP:In adition to the comparison diagnostics, ‘outcome ofthe SIF tive diagnostics are also used to validate states and values used in the ‘able 57 shows the capabilities of the p ‘Table 57 - Process Safety System Capabilities 3s safety systems. Your solution can include one or a combination of technologies rcs Steyn Sean nmol mane Trae ay ‘6 Ww e 38 We We Ws Fade ets cu we 6 Tad at eT te Ww w eset sem pegzured wit decked pogarmingsctve) | Ne Ww We Tue a opie agar canman anne oganming an) | Vs oy % Shae pgetsping eral abu ey ene) te Ye We {ees rhnemo Pe Coma ase grey e780 em Nala 2ysen ae ase bm oe ana, Boe ASHE oad edi eng, ControlLogix SIL 2 Systems ControlLogix supports process safety applications up to SIL2 requiring fault tolerance and redundancy. ContolLogix supports 1002¢ fault tolerance with the 1715 /O system, However, ControlLogix redundancy does not use a voting mechanism, rather it acts as a hot standby. The components of the 1715 /O system comprise a par of partnered Ethemet adapter modules that communicate to Controllogx contiolers via an EtherNev/P network, and digital and analog VO modules that are configurable in simplex and duplex modes, “The ControlL. og L7x controller complies with the requirements ofthe relevant standards (SIL2 according to IEC 61508) and can be used in low demand applications up to SIL2 according to IEC 61508). The instructions of the associated Safety Reference Manual and User Manuals are to be considered. 70 ck Automation Publication PROCES SGOOI ENP Api 2016Select a PlantPAx System ontrolLogx SIL 2 systems use the same programming software and data interfaces as used for process control on the PlantPAX. system, The hardware that is used for process safety must be dedicated for process safety applications, Specific hardware, rmware revisions, and software versions are required to meet SIL certifications. To make sure that you have the cortect equipment, see the Using ControlLogixin SI 2 Application Safety Reference Manual, publication 1756-RMO01 AADvance and Trusted SIL2, SIL3, and TMR systems Diverse SIS logic solvers use diferent hardware and software platforms for process safety applications than that used for process control on the PlantPAx system, This approach is used to minimize common cause faults from infuencing the overall safety integrity, Triple redundancy minimizes the possibilty of any single component failure to cause a spurious or false trip. Diverse process safety integrates with the basic process control on the PlantPAx system by using CIP connectivity including profile support in Logix Designer software (AADvance) or via OPC connectivity (AADvance or Trusted"), Both the Trusted and AADvance systems share a common EtherNev/IP network within a PlantPAx system. In addition, AADvance and Trusted support redundant Ethernet networks, while the AADvance system supports the CIP producer and ‘consumer communication protocol ‘Table 58 - Diverse SIL 2 and SIL 3 Products “ategory Description dane The Avanos lowing Cagle rd 3 + Scaleetunin frtatence + Singles. ge arti cefguaon Ted | ‘sted clog e320 (5-2-2 pal a-eraoo vrtualy eete spurs tps gle ear eur ses rary igo ease cae Aral ih OP er CP megan Table 59 - Additional Resources Resour Description 7a las onion peor LEN, Taps esperar and ncn be MDa nae afd NSF sesame udsnesonhaw ose assten ome your gplaton eure. ‘rete ul ana) pbten TED ros epic arb wt ieraton on own ase en, sth sevice econ ‘Mae Grigsaton Gale poaton LEIS Defies hn caiuean Dare anor ig te AADance Wonca met ouSoysnene cio (apa uteri, mats Pres many que an aw sap AAD met ares sy Salada ates ecmmerstns sale iy AACN SS aplains Epans how ose Geleg cies, aay Nal pba ‘vane Fabio gar Maal platen CLG ves pi mane prard wi atin om ocean eae ahah Dare eran peau mactare ss SiL-rated Instruments SL rated instruments are typically required for process safety loops, Rockwell Automation provides premier integration between ControlLogix systems and Endress+Hauser SILrated instruments. For more details, see the Endress+Hauser website at hito//vwves usendross com. Rockwell Automation Publication PROCES SGOOI-EN-P Api 2016 n